FireFox Security Issues : Q&A

When will Firefox get Sandboxing? Chrome's had it for ages! 

Firefox includes a broad array of technologies in its toolbox to eliminate or reduce security threats. Sandboxing is a useful addition to that toolbox, and one which we are investigating, but no technology is a silver bullet.

Firefox invests in security throughout the development process with internal and external code reviews; constant testing and analysis of running code; and rapid response to security issues when they emerge.

They have lined up several initiatives to boost plug-in security. They have been working with Adobe to fully sandbox the Flash plug-in within Firefox.

The Mozilla community has also started work on an experimental project called Shumway. This uses JavaScript to create a Flash virtual machine, which lets you play Flash files without Flash Player.

They are also developing 'Click-to play', a browser feature that encourages updates of vulnerable plug-ins, and improves protection from drive-by plug-in attacks by stopping vulnerable plug-ins from running by default.

Why does Firefox not have anti-virus and anti-malware built into Firefox? 

Firefox provides phishing and malware detection, which is built into Firefox. These features will warn users when a page they visit has been reported as a 'Web Forgery' of a legitimate site (phishing) or as an 'Attack Site' (malware). They are always investigating ways to improve security, but they believe that users should choose their own comprehensive security tools that meet their specific needs.

What specific security tools does the new Firefox mobile OS contain? 

Mozilla takes security very seriously, which is why each application that runs on the Firefox mobile operating system has its own process, and this is sandboxed from the rest of the phone. Each app will prompt the user for access to privileges that affect privacy, such as gee-location, camera and contacts, so that the user always remains in control of the information any app can obtain.

Do you agree with the analysis that the New Tab problem is more fundamental and long-lasting than Mozilla has claimed- and it has been in all previous versions of Firefox? 

We are aware of the concern and have fixed it in Firefox 14. The New Tab thumbnail feature was introduced with Firefox 13 and does not transmit or store personal information outside the user's direct control.

The New Tab thumbnails are based on users' browsing history. All information is contained within the browser and can be deleted at any time.

To delete this information, go to Tools, Clear Recent History and select 'Browsing and Download History' under Details. Then click Clear Now. This will erase your browsing history.

A more convenient approach would be to set the privacy preferences to 'Clear history when Firefox closes' in the settings menu, which will clear your browsing history every time you exit Firefox.

Users who share a computer or use Firefox on a public computer should use built-in privacy tools, such as Private Browsing Mode.